Cisco is a long-time leader in delivering cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity solution that combines dedicated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to design and carry out a smooth migration to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's subscription-based security services to create and centrally manage network ecosystems that include local offices, data centers, private clouds and public clouds. Progent can also help you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified network security experts can help you with policy creation and tuning driven by industry best practices in order to establish a consistent and effective security posture that applies to all your networked devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement compared to Cisco's popular ASA 5500-X security appliances and include centralized management and automation of modern security features like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, see Firepower firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances offer integrated firewall, VPN, and intrusion prevention system capabilities in single-box packages, delivering a wide range of features to match the security needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls enable IT security teams to defend their network perimeter and provide secure remote connectivity while using powerful management tools built on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life status but are still widely deployed in smaller organizations and in a few larger networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's legacy firewalls, if carefully managed, continue to offer a high degree of security by supplying multiple security functions such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X devices can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure consultants can assist you to support and debug legacy ASA 5500 and PIX 500 firewalls and can also assist you to plan and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, configure, optimize, manage and debug new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also help you to upgrade from your Cisco ASA 5500-X deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an improved replacement for each rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same environment as the associated earlier models, which offers small and midsize businesses plenty of choice for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, go to Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against advanced threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:
- Layered defense against both familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to discover and remediate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, network infrastructure, software applications, and content to detect threats that incorporate multiple vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate standard and custom IPS policies depending on the severity of risk
Firepower Services for Cisco ASA firewalls offer advanced multi-layered security
Simpler deployments of ASA 5500-X firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for configuring, managing, and debugging ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be administered with Firepower Management Center, available as one or several physical or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides dynamic network visualization, automated policy tuning driven by risk assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, improved reporting options, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 Series firewall, the Cisco IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to offer a platform that stops the broadest range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program security, local containment and control, and clean VPN connectivity across the entire product line. This broad scope of protection allows the guarding of any network segment, which includes the most typical attack vectors such as remote sites, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable design of the ASA 5500 Series enables you to add more security services by installing security service modules and cards. These user-installable enhancements provide the option of adding IPS and content protection functions such as blocking virus, worms, and phishing attacks and performing data and web screening. In addition to allowing you to respond quickly to new risk environments, the expandable architecture of the Cisco ASA 5500 family also leverages your capital investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative team training by utilizing the familiar set of PIX management tools and protocols including the Cisco ASDM system, protected command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls deliver a high-level of application security through smart, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a safer environment covering Web, voice, and mobile wireless services. To protect networks against application-layer assaults and to provide stronger policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement solutions such as anomaly detection and application and protocol state monitoring. Also incorporated are attack detection and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up network bandwidth for important business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 security appliances, see ASA 5500 series firewalls integration and debugging services.
PIX Firewall Appliances
Based around a tested, purpose-built software platform that delivers a wealth of security features, Cisco PIX security appliances provide excellent security and have been awarded EAL 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances offer security for a broad array of Voice over IP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and MGCP, enabling organizations to safeguard installations of a broad array of current and next-generation VoIP and video applications.
PIX firewall appliances offer a variety of configuration, tracking, and analysis options, providing IT managers the flexibility to utilize the methods that most closely meet their requirements. Administrative solutions include common, policy-based management tools, integrated web-accessible management, and compatibility with remote-monitoring protocols like SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-based control solution that greatly simplifies the deployment, in-place configuration, and monitoring of a single Cisco PIX firewall appliance without requiring any additional utility other than a standard browser and Java applet to be installed on an administrator's computer.
IT managers can also remotely set up, track, and analyze PIX security appliances using a command-line interface (CLI). Safe command-line interface access is available through a number of methods including Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewall appliances also include robust auto-update capabilities, a set of revolutionary protected remote-management services that make sure that firewall settings and software images are kept up to date.
For more details about Progent's consulting services for PIX security appliances, visit PIX firewalls configuration and debugging consulting.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has ceased offering the PIX 500 and ASA 5500 families of firewalls, many businesses are concerned about relying on a critical infrastructure mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being new devices and also offer a number of technical and economic advantages in comparison to PIX devices. These advantages include substantially better performance, optional SSL VPN capability, and a modular architecture that guards your investment by allowing you to self-install more security services whenever you require them. Progent's Cisco experts can help your company to assess the business case for moving from PIX or ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive changeover, help your IT staff to install new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower Series, ASA Series, and PIX family firewalls incorporate an array of configuration, monitoring, and analysis options which offer you the flexibility to set up these security appliances to match your company's requirements. Progent's CCIE authorized network professionals can show you how to design a cost-effective network infrastructure that includes Cisco firewall technology and that provides world-class protection, resilience, throughput, and manageability. Progent's GISA and CISM-premier information security professionals can assist your business to create a security strategy that makes sense for your business and can set up your firewall to support your security strategy. Progent's security evaluation professionals can evaluate the strength of your current firewall deployment and help determine the overall security of your entire IS network. Progent’s Technical Response Center can provide urgent remote troubleshooting for Cisco products and offer quick access to a Cisco CCIE expert.
To find out additional details concerning Progent's professional expertise for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about engineering expertise for Cisco products, call 1-800-993-9400 or go to Contact Progent.